Two proposals to expand dramatically the surveillance capabilities of
the federal government are now under consideration by lawmakers in
Washington, DC. Both measures raise far-reaching questions about the
appropriate scope of government power in light of the tragic events
in Oklahoma City.

The White House, still without a sponsor for its bill, has circulated
a draft of the "Antiterrorism Amendments Act of 1995." The bill is
intended to be considered along with an earlier White House proposal
on terrorism. The bill also extends surveillance capabilities but
contains fewer safeguards than are found in the Dole-Hatch measure.

The White House bill modifies current wiretap law and privacy law,
and permits extensive expansion of electronic surveillance
capabilities, including greater access to telephone toll records,
broad exceptions to current limitations on wiretap capability,
authority for roving wiretaps, and a new exception that would permit
the use of illegally obtained evidence in a court proceeding.

The White House measure also establishes a Telecommunications Carrier
Compliance Fund that would permit the Attorney General to pay telephone
companies and other firms to design wiretap ready technology The Fund
would be financed by a 40% increase in all civil monetary penalties
assessed by the United States government. The White House measure
allows the Attorney General to spend $485,000,000 over the next three
years toward this program.

The Senate Judiciary Subcommittee on Terrorism, Intelligence, and
Government Information will hold hearings on the measures on
Thursday, May 4. Senator Specter chairs the Subcommittee.

Copies of the proposals and EPIC's complete analysis are available at
the EPIC Domestic Security and Freedom page
(http://epic.org/terrorism/)

[2] Freeh Testimony on Proposal, Comments on Encryption

Testimony of FBI Director Louis Freeh before House Committee on
Judiciary, Subcommittee on Crime, May 3, 1995

...

With respect to the authorities that we have, as we testified in the
Senate last week, the FBI is very comfortable with the attorney general
guidelines. I feel very confident that, interpreted broadly, and
certainly within the Constitution, those guidelines give me and my
agents the authority we need to investigate and prevent, in many cases,
what would be clear violations of criminal law and clear terrorist
activity within the United States ...

We need the authority to trace money, explosives, nuclear materials and
terrorists. Pen registers and trap-and-trace devices are necessary in
counterterrorism as well as counterintelligence cases. The threshold
ought to be the same in a criminal case as in a terrorism case. It's
critical that investigators have increased access, short of a
full-blown grand jury investigation, to hotel, motel and common-carrier
records.

...

Encryption capabilities available to criminals and terrorists, both now
and in days to come, must be dealt with promptly. We will not have an
effective counterterrorism stat- counterterrorism strategy if we do not
solve the problem of encryption. It's not a problem unique, by the
way, to terrorists. It's one which addresses itself to drug dealers
and cartels and criminals at large. There are now no legally available
means in some dangerously few cases to exclude and remove alien
terrorists from the United States. Again, that's an issue that this
committee has already taken up.

These are tools. These are not new authorities. These are tools with
which to use our current statutory authority, all, in my view, well
within the Constitution. And the addition of those resources, which
are people and technologies, will give us the ability to deal with
these cases as well as prepare for and prevent other incidents such as
the one we've seen recently.

In a report sent to Congress this week, the Administrative Office of
the United States Courts revealed that the use of electronic
surveillance by law enforcement agencies reached an all-time high in
1994. The growth was driven by an increased number of federal
narcotics investigations.

In 1994, 1,154 electronic surveillance orders were granted, up from
976 in 1993. The increase in 1994 was the single largest jump since
the early 1970s, when legal wiretapping was first authorized. The
number of orders for state and federal increased 18 percent over
last year, while federal use jumped by 23 percent. During the
year, 554 federal and 600 state orders were approved. For the sixth
straight year, no requests were denied by a federal or state judge. A
total of 44,500 days of recording were reported, up 12 percent from
1993. The average length of each interception was 40 days, up from
19 days in 1978 and slightly lower than 1993 figures.

The vast majority of electronic surveillance was used in drug
investigations. Seventy-six percent of all orders were for narcotics
investigations and eight percent each for racketeering and gambling.

Significantly, in light of the tragedy in Oklahoma City and efforts in
Congress to increase electronic surveillance for domestic security
reasons, there were no orders to investigate "arson, explosives, and
weapons" charges for the sixth straight year. That category of cases
accounts for only 55 of 19,139 electronic surveillance requests over
the past twenty years. Most occurred during the 1970s. Electronic
surveillance under the Foreign Intelligence Surveillance Act for
"national security" cases is not included in the report.

Meanwhile, the efficiency of electronic surveillance dropped sharply.
Only 17 percent of conversations that were intercepted were deemed
"incriminating" by prosecutors. An average of 2,139 conversations were
recorded per intercept, while an average of 373 of those conversations
were classified as incriminating. Since the 1970s, the efficiency of
wiretaps has steadily declined. Each order captured an average of 84
individuals in intercepted conversations.

There was a sharp increase in the interception of electronic devices,
including cellular telephones, pagers and electronic mail. Some 208
orders were issued for intercepting electronic devices, up 47 percent
from 1993. During the year, 768 orders were issued for standard
wiretaps. The use of microphones dropped from 55 to 52, while the
number of investigations that used several types of devices increased
slightly to 72 from 63.

Electronic surveillance continued to be an expensive investigative
tool, averaging $49,478 per order. The average cost for a federal
orders is $66,783. The highest cost for a single electronic
surveillance operation occurred in a federal investigation in Indiana,
where an 87 day intercept cost the government $839,421.

[4] Clinton Secrecy Order Includes Crypto

On April 17, the White House released the President's long- awaited
Executive Order on the classification of national security
information. The order still permits classification of information relating
to "cryptology", but some changes were made. The new order
requires the automatic declassification of most secret information 25
years or older. However, the order exempts information from automatic
declassification if it falls into a narrow exemption category,
including information that would "reveal ... a cryptographic system or
activity."

Efforts to revise the current Executive Order (issued by President
Reagan in 1981) began more than two years ago, soon after the Clinton
Administration assumed office. EPIC actively monitored the revision
process and urged a relaxation of classification standards generally
and of those governing cryptographic information specifically. In
comments submitted in July 1993, EPIC staff urged removal of
"cryptology" from the categories of information presumed to be
classifiable. We noted that the "designation of a routine
privacy-enhancing technology as presumptively a national security
matter is inconsistent with the end of the Cold War and the dramatic
growth of commercial and civilian telecommunications networks. ...
[Cryptographic] technology today plays an essential role in assuring
the security and privacy of a wide range of communications affecting
finance, education, research, and personal correspondence."

Under the Reagan order, "cryptology" was singled out as a separate and
independent category. The new Clinton order instead refers to
"intelligence activities (including special activities), intelligence
sources or methods, or cryptology." This formulation suggests a
recognition that information concerning encryption technology should
only be classified if it relates to intelligence uses of the
technology, as opposed to the increasing use of encryption in civilian
applications. The language, however, remains ambiguous and does not
comport with the growing opinion that cryptography should not be
presumptively tied to national security classification.

The classification of cryptographic information has already hampered
the public's ability to monitor the government's activities in the
area of civilian communications security. Information relating to the
Digital Signature Standard (intended for the authentication of
unclassified electronic transmissions) was withheld from disclosure
under the Reagan Executive Order. Likewise, key information
concerning the Clipper encryption initiative (including the underlying
Skipjack algorithm) was classified and placed beyond public review.

[5] EPIC FOIA Update

In the last few weeks EPIC has received a substantial amount of
material from the National Security Agency, the National Security
Council, the Justice Department and the Federal Bureau of
Investigation on the Clipper and Digital Telephony proposals.

Materials Include:

-- A series of internal email messages about the Clipper proposal
sent by the National Security Council to the White House in the early days
of the Clinton Administration. The first message appears only
three days after Clinton's inauguration.

-- A undated document obtained from the National Security Agency
entitled: "Options to Address Encryption Effects on Law Enforcement."
The document describes the conclusions of the Interagency Working
Group set up after Clipper proposal was announced in April 1993:

"Legislation to regulate common carriers and PBX operators
to assure their systems are compatible with law enforcement
interests may be refined pursued with manageable political risk."

"Legislation to authorize regulation of encryption product
manufactures would be considerably more difficult and
required further study."

-- Another memo dated October 19, 1990 obtained from the NSA bluntly
states the NSA position on the DSS and key escrow proposals.

"If Kammer [Acting director of NIST] does not accept our
proposal, we will have to consider escalating the problem.

-- A copy of the the classified Presidential Review Directive 27,
President Decision Directive 5 and several drafts of the Interagency
Report on Clipper entitled "Impacts of Telecommunications and
Encryption Technology on Law Enforcement and Intelligence Collection:
Assessment, Options, and Recommendations."

-- A heavily redacted report on "problems" encountered by law
enforcement that justified last years Communications Assistance for
Law Enforcement Act of 1994.

EPIC will be making the material available in its annual Cryptography
and Privacy Sourcebook in June. The book will sell for $50. Copies
of previous years sourcebooks are also available. EPIC will also make
available GIFs of documents obtained from the government under the
FOIA.

Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org
/cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). An
HTML version of the current issue is available from
http://epic.org

The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data. EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information, email info@epic.org, WWW at
HTTP://epic.org or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202)
547-5482 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act
litigation, strong and effective advocacy for the right of privacy and
efforts to oppose Clipper and Digital Telephony wiretapping proposals.